RE: SecuRemote NT / Firewall-1 2.1

["McClure, Allen" <allen.mcclure () brite com>]

I knew I wasn't the only one!!!  Thanks alot.

On Mon, 12 Oct 1998, McClure, Allen wrote:

> SecuRemote client v3.0a running on NT 4.0 SP3.  I've tried support calls.
>
> It seems that the SecuRemote encryption service does a "late" start and
> prevents the IP stack from starting on time to properly authenticate with
> our domains.  Assuming a local profile exists, it'll use the cached copy
and
> complain about the domain controller not being reachable.
>
> So far I've been able to make it work by either logging in locally or by
> using a cached profile with domain account.  It then seems to
reauthenticate
> as appropriate and work fine.
>
> Perhaps I can get it [SecuRemote Daemon] unbound from the Ethernet???
> How...??
>
> I've fought this for many hours, can any of you shed light???
>
> 95/98 works fine.  Any help would be greatly appreciated.  

I ran into the same problem that you are having, but I was using dhcp.
The secure remote software would prevent dhcp client from starting up and
it took me 6 months of going up the checkpoint support ladder to get a
patch.  The patch basically makes some changes in registry.  I was not
comfortable in asking the users to edit the registry manually and
checkpoint finally release a patch.

=====================================================================

Our R&D people are working to solve the problem of DHCP and SR.
In our lab we succeeded to reproduce the problem that the interface is
being blocked for a while after starting the DHCP service manually (after
boot).
The workaround for this problem may fix all the problem for DHCP and SR.
you might still need to start the DHCP service manually after boot as
mention in the FAQ.
The workaround is to go to the registry by running from  "run: regedit"
and
then searching all the flags of
"ipforwarding" this can be done from the "edit" menu, choose "find" and
enter the word: "ipforwarding
This should find it in about three or more places.
When you find each one, you need to edit it by double clicking on the
highlighted ipforwarding entry and enter the value :"ffffffff" which will
replace the value :"00000000" that was before.
You can iteratively keep searching for these entries by pressing F3 please
try this workaround and notify me if it advanced the situations (the
problem disappear or maybe just improve)

=======================================================================

I am not sure if you can get to the following url, but it has a
description.

http://www.checkpoint.com/support/technical/bugs/securemote/dhcpis.htm

Contact your reseller to get the patch or use secure remote 4.0.

I hope that helps.

- Deepak

PS: If I had to do it again, I would dump firewall-1 in a heartbeat.
Everytime, checkpoint releases new version of anything, including patches.
I have more problems than before, but need the features that new
release/patch enable.